Legal claims defining the scope of protection, as filed with the USPTO.
1. A system for enabling an application to track provenance information, comprising: an application analysis module configured to analyze an application binary to discover injection points for provenance tracking code, wherein said injection points correspond to existing library calls; and an instruction alteration module comprising a processor configured to overwrite instructions in the application binary at the injection points to create an instrumented application, wherein the overwritten instructions provide library calls to one or more instrumented libraries that invoke a provenance layer to track data operations.
2. The system of claim 1, wherein the provenance layer is configured to transmit provenance logs to a provenance server.
3. The system of claim 2, wherein the provenance logs form a provenance state model that represents a present state of data flows at the instrumented application.
4. The system of claim 3, wherein the provenance state model is built from a combination of provenance logs from a plurality of client devices to represent a global state of data flows.
5. The system of claim 4, wherein the one or more instrumented libraries further provide a configuration interface that can receive commands and alter the behavior of the instrumented application.
6. The system of claim 1, wherein the data operations comprise file system calls.
7. A system for tracking provenance information, comprising: an instrumented application binary on a client device, wherein overwritten library call instructions provide library calls to one or more instrumented libraries that invoke a provenance layer to track data operations, wherein the provenance layer is configured to catch and log data events performed by the instrumented application and wherein the instrumented libraries further provide a configuration interface that can receive commands and alter the behavior of the instrumented application; and a provenance server that includes a processor configured to identify the client device and to receive a provenance log from the provenance layer, wherein said provenance log includes the logged data events.
8. The system of claim 7, wherein the provenance server is further configured to build a provenance state model that represents a present state of data flows at the client device using the provenance logs.
9. The system of claim 7, wherein the configuration is further configured to receive commands from the provenance server in accordance with a global state of data flows and one or more data policies.
10. A non-transitory computer readable storage medium comprising computer readable program for enabling an application to track provenance information, wherein the computer readable program when executed on a computer causes the computer to perform the steps of: analyzing an application binary to discover injection points for provenance tracking code, wherein said injection points correspond to existing library calls; overwriting instructions in the application binary at the injection points with a processor to create an instrumented application, wherein the overwritten instructions provide library calls to one or more instrumented libraries that invoke a provenance layer to track data operations; and deploying the instrumented application on a client device.
March 8, 2016